CVE-2026-45397
Published 2026-05-15
Priority P3 · 41 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit
EPSS: 0.72% (49.3rd percentile)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticated HTTP client. No Authorization header, cookie, or API key is required. Every adjacent endpoint on the same router (/embedding, /config) is correctly guarded by get_admin_user, making this a targeted omission. This vulnerability is fixed in 0.9.5.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-webui | open-webui | < 0.9.5 | 0.9.5 |
| open-webui | open-webui | >= 0 < 0.9.5 | 0.9.5 |
| openwebui | open_webui | < 0.9.5 | 0.9.5 |
VulDB
open-webui Open WebUI up to 0.9.4 /api/v1/retrieval/ get_admin_user missing authentication (GHSA-65pg-qhhw-mxwg)
vuldb · 2026-05-16 · CVE-2026-45397 · MEDIUM · CVSS 5.3
A vulnerability was found in open-webui Open WebUI up to 0.9.4. It has been declared as critical. This affects the function get_admin_user of the file /api/v1/retrieval/. Executing a manipulation can lead to missing authentication.
This vulnerability is registered as CVE-2026-45397. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
Open WebUI Vulnerable to Unauthenticated RAG Configuration Disclosure
ghsa · 2026-05-14 · CVE-2026-45397 · MEDIUM · CWE-306
**Vulnerability Type:** Information Disclosure / Missing Authentication
**Severity:** Medium
**Component:** `backend/open_webui/routers/retrieval.py` — `get_status()` (`GET /`)
**Affected Endpoint:** `GET /api/v1/retrieval/`
**Affected Version:** Open WebUI `main` branch — confirmed unpatched through **v0.9.2**
**Authentication Required:** None — internet-facing with zero credentials
**CVSSv3.1 Score:** 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
---
## Summary
`GET /api/v1/retrieval/` returns live RAG pipeline configuration to any unauthenticated HTTP client. No `Authorization` header, cookie, or API key is required. Every adjacent endpoint on the same router (`/embedding`, `/config`) is correctly guarded by `get_admi
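As an added illustration, not Open WebUI's code or anything from the advisory: a stdlib-only AST check that a reviewer can run over a FastAPI router module to flag handlers that declare no auth dependency, which is the single-endpoint omission the advisory describes. The router source it scans is constructed to mirror that pattern; `Request`, `Depends`, the handler names and the set of accepted auth dependency names are assumptions.

```python
from __future__ import annotations
import ast

# Constructed router source that mirrors the pattern in the advisory (illustrative,
# not Open WebUI's code): every handler except get_status() takes Depends(get_admin_user).
SAMPLE_ROUTER = '''
router = APIRouter()
@router.get("/")
async def get_status(request: Request):
    return {"status": True, "chunk_size": request.app.state.config.CHUNK_SIZE}
@router.get("/embedding")
async def get_embedding_config(request: Request, user=Depends(get_admin_user)):
    return {"embedding_engine": request.app.state.config.RAG_EMBEDDING_ENGINE}
@router.get("/config")
async def get_rag_config(request: Request, user=Depends(get_admin_user)):
    return {"chunk_size": request.app.state.config.CHUNK_SIZE}
'''

# Dependency names treated as "authenticated" (assumed set; extend it for your code base).
AUTH_DEPS = {"get_admin_user", "get_verified_user", "get_current_user"}
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


def _has_auth_dependency(func: ast.AsyncFunctionDef | ast.FunctionDef) -> bool:
    """True if some parameter default is Depends(<name in AUTH_DEPS>)."""
    for default in (*func.args.defaults, *func.args.kw_defaults):
        if (isinstance(default, ast.Call) and isinstance(default.func, ast.Name)
                and default.func.id == "Depends"
                and any(isinstance(a, ast.Name) and a.id in AUTH_DEPS for a in default.args)):
            return True
    return False


def _route(func: ast.AsyncFunctionDef | ast.FunctionDef) -> str | None:
    """Return 'METHOD /path' if func is decorated with @<router>.<method>("/path")."""
    for dec in func.decorator_list:
        if (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                and dec.func.attr in HTTP_METHODS and dec.args
                and isinstance(dec.args[0], ast.Constant) and isinstance(dec.args[0].value, str)):
            return f"{dec.func.attr.upper()} {dec.args[0].value}"
    return None


def find_unguarded_routes(source: str) -> list[str]:
    """List every route handler in source with no auth dependency, as 'METHOD /path (handler)'."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.AsyncFunctionDef, ast.FunctionDef)):
            route = _route(node)
            if route and not _has_auth_dependency(node):
                findings.append(f"{route} ({node.name})")
    return findings
```

Running `find_unguarded_routes(SAMPLE_ROUTER)` reports only `GET / (get_status)`; adding `user=Depends(get_admin_user)` to that handler, as the fix does, empties the list.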
No detection rules found.
Nuclei
Open WebUI < 0.9.5 - Information Disclosure
nuclei · CVE-2026-45397 · MEDIUM · CVSS 5.3
Open WebUI < 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to the GET /api/v1/retrieval/ endpoint, which lets remote attackers retrieve live RAG pipeline configuration without authorization; the exploit requires no authentication.
Template:

```yaml
id: CVE-2026-45397
info:
  name: Open WebUI < 0.9.5 - Information Disclosure
  author: 0x_Akoko
  severity: medium
  description: |
    Open WebUI < 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication.
  impact: |
    Remote attackers can access sensitive configuration data without authentication, pot
```
No writeups or analysis indexed.